MBF Knowledge Base

The way that the GDPR is written, it seems to indicate that any tiny piece of data that is readily handled passing through the Net today is suddenly weaponizable if someone wants to attack you for having it without their explicit permission -- and they can change their mind about that permission on a whim at any time without notice. Where is that line drawn?

No. Data processors have far less responsibility than data controllers. Processors just need to keep the data secure and follow their contract agreements with the data controller. For data controllers, yes, people could be malicious and keep requesting SAR for example, but only the first request must be free. Controllers must obtain clear consent at all times.

To minimize your risk and ensure your compliance click here